discuz验证过程介绍

呵呵....
--疑惑-----
cdb_members表的secques字段是干嘛用的(二次操作验证之用)
--发现

SELECT groupid='6' AS ipbanned

--意思是如果groupid='6', 那么ipbanned的值为真,为1
-----清空了所有客户端cookie后的访问---------------
---这是为了论坛底部访问统计的查询
----删除所有游客

DELETE FROM cdb_sessions
WHERE sid='9brXS4' --不知道这个sid从何而来(可能为随机)
OR lastactivity<(1166753279-900) --15分钟未活动的游客
OR ('0'<>'0' AND uid='0') --此条件永远为false , 0当然=0
OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166753279-60) --或者同一ip活动时间1分钟内的.(即去除同一ip的重复记录)

----插入此游客记录到session里

INSERT INTO cdb_sessions
(sid, ip1, ip2, ip3, ip4,
uid, username, groupid, styleid, invisible, action,
lastactivity, --当前时间为活动时间
lastolupdate, seccode, --seccode安全码?不知道有什么用
fid, tid, bloguid)
VALUES ('9brXS4', '127', '0', '0', '1',
'0', '', '7', '1', '0', '1', '1166753279', '0', '9373', '0', '0', '0')

--在线人数信息------

SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC

-----///////////////////登录过程/////////////////////////////
----------以下语句看起来是无用-----------

SELECT uid, secques FROM cdb_members WHERE username='admin'
UPDATE cdb_members SET username='admin', password='45e153xxxxxxx87cb6bf8', email='dfds@126.com'
WHERE uid='1054'

----------貌似这里是重复劳动---------------

SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='1054' AND password='45e1534xxxxxxx387cb6bf8' AND secques=''

---查论坛帖子数量信息------

SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10

---查论坛帖子数量信息------

SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10

---查论坛帖子数量信息------

SELECT t.*, f.name FROM cdb_threads t, cdb_forums f
WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10

--查论坛信息---

SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder

--online time--

UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166754541'
WHERE uid='1054' AND lastupdate<='1166753941'

--在线人数据-----

DELETE FROM cdb_sessions WHERE sid='QvC8mm' OR lastactivity<(1166754541-900) OR ('1054'<>'0' AND uid='1054') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166754541-60)
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('QvC8mm', '127', '0', '0', '1', '1054', 'admin', '1', '1', '0', '1', '1166754541', '1166754541', '2124', '0', '0', '0')

---更新会员之后访问

UPDATE cdb_members SET lastip='127.0.0.1', lastvisit=lastactivity, lastactivity='1166754541' WHERE uid='1054'

--在线人数信息------

SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC

-----普通会员的访问/////////////////////////////
--sid来自cookie cdb_sid=QvC8mm , 这里不仅验证cookie,而且验证ip,保证了访问用户的身份是来自同一ip,
--那么被cookie复制欺骗的概率就大大的被降低了.对于论坛,安全到ip的级别应该是够用了.况且cdb_sid还是一个随机的字符.

SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
FROM cdb_sessions WHERE sid='QvC8mm' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='127.0.0.1'

--查询会员信息,现在我们知道为什么discuz论坛都要定期清理会员了.这个操作是如此的频繁.

SELECT m.uid AS discuz_uid, m.username AS discuz_user, m.password AS discuz_pw,
m.secques AS discuz_secques, m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset,
m.tpp, m.ppp, m.posts, m.digestposts, m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
m.lastvisit, m.lastactivity, m.lastpost, m.newpm, m.accessmasks,m.xspacestatus, m.editormode, m.customshow
FROM cdb_members m WHERE uid='1054'

--查询论坛信息-----------

SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder

--online time , 每10分钟

UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166755500'
WHERE uid='1054' AND lastupdate<='1166754900'

--更新会员信息

UPDATE cdb_sessions SET uid='1054', username='admin', groupid='1', styleid='1', invisible='0', action='1',
lastactivity='1166755500', lastolupdate='1166755500', seccode='2124', fid='0', tid='0', bloguid='0' ,
pageviews=pageviews+1 WHERE sid='QvC8mm'

--在线人数信息------

SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC

-----普通会员操作的验证/////////////////////////////
-------passport登录过程\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--passport登录通过后,将密码和几个字段加密后写入cookie,cdb_auth,这样你再访问论坛,它会首先检查
--cdb_sid有无,再看cdb_auth有无,有,取这个cdb_auth,解密后,拿密码,uid和数据库表做对比,正确,则生成cdb_sid并
--插入记录到 session表 .

SELECT * FROM `cdb_members` WHERE username = 'testxx'
SELECT uid, secques FROM cdb_members WHERE username='testxx'
UPDATE cdb_members SET username='testxx', password='52c69e3a57331099999991c4e69d3f2e', email='99@99.com'
WHERE uid='852'
061222 13:45:47 3 Connect root@localhost on
SELECT uid AS discuz_uid, username AS discuz_user, password AS discuz_pw, secques AS discuz_secques,
adminid, groupid, groupexpiry, extgroupids, email, timeoffset, styleid, tpp, ppp, posts, digestposts, oltime, pageviews, credits,
extcredits1, extcredits2, extcredits3, extcredits4, extcredits5, extcredits6, extcredits7, extcredits8, timeformat,
dateformat, pmsound, sigstatus, invisible, lastvisit, lastactivity, lastpost, newpm, accessmasks, xspacestatus, editormode, customshow
FROM cdb_members WHERE uid='852' AND password='52c69e3a57331099999991c4e69d3f2e' AND secques=''
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE t.fid<>'0' AND f.fid=t.fid AND t.closed NOT LIKE 'moved|%' AND t.replies !=0 ORDER BY t.lastpost DESC LIMIT 0, 10
SELECT t.*, f.name FROM cdb_threads t, cdb_forums f WHERE digest>'0' AND t.fid<>'0' AND f.fid=t.fid ORDER BY t.dateline DESC LIMIT 0, 10
SELECT f.fid, f.fup, f.type, f.name, f.threads, f.posts, f.todayposts, f.lastpost, f.inheritedmod, f.forumcolumns, ff.description, ff.moderators, ff.icon, ff.viewperm FROM cdb_forums f
LEFT JOIN cdb_forumfields ff USING(fid)
WHERE f.status='1' ORDER BY f.type, f.displayorder
UPDATE cdb_onlinetime SET total=total+'10', thismonth=thismonth+'10', lastupdate='1166766347' WHERE uid='852' AND lastupdate<='1166765747'
INSERT INTO cdb_onlinetime (uid, thismonth, total, lastupdate)
VALUES ('852', '10', '10', '1166766347')
DELETE FROM cdb_sessions WHERE sid='5sS9P0' OR lastactivity<(1166766347-900) OR ('852'<>'0' AND uid='852') OR (uid='0' AND ip1='127' AND ip2='0' AND ip3='0' AND ip4='1' AND lastactivity>1166766347-60)
INSERT INTO cdb_sessions (sid, ip1, ip2, ip3, ip4, uid, username, groupid, styleid, invisible, action, lastactivity, lastolupdate, seccode, fid, tid, bloguid)
VALUES ('5sS9P0', '127', '0', '0', '1', '852', 'testxx', '10', '1', '0', '1', '1166766347', '1166766347', '4097', '0', '0', '0')
SELECT uid, username, groupid, invisible, action, lastactivity, fid FROM cdb_sessions ORDER BY uid DESC

疯狂暗示打赏按钮

本文标签：

声明：本文由代码号注册/游客用户【海云】供稿发布，本站不对用户发布的discuz验证过程介绍信息内容原创度和真实性等负责。如内容侵犯您的版权或其他权益，请留言并加以说明。站长审查之后若情况属实会及时为您删除。同时遵循 CC 4.0 BY-SA 版权协议，尊重和保护作者的劳动成果，转载请标明出处链接和本声明内容。本文作者：海云» https://www.ebingou.cn/dmh/16062.html

很赞哦！ ()